The SitePoint Forums have moved.

You can now find them here.
This forum is now closed to new posts, but you can browse existing content.
You can find out more information about the move and how to open a new account (if necessary) here.
If you get stuck you can get support by emailing forums@sitepoint.com

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hybrid View

Is this a security issue? (SSL question)

On the Bank of America website, they have "Sign-in" area on their homepage, but the homepage is NOT on a SSL!?!?? The <FORM> that that submits the login information is submitted to a secure site, but doesn't the entire transaction have to take place on a SSL in order for it to be secure?

No - It is the target URL that determines whether or not the POSTed data will be encrypted or not, and thus the example site that you give is 100% fine (as far as that particular aspect goes, anyway!!)

Being on of the millions of BOFA customers who actually uses their online banking system, I can say that most people get that confidence because it is Bank of America not because they have a little lock that is hard to see on their browser's status bar.

Personally, if I didn't have confidence in them or their website they wouldn't have my money.